Bug: External storage SMB credentials not updated after LDAP/AD password change

[vc]

Bug description

Nextcloud 33.0.2 installed on Ubuntu without Docker. LDAP/AD authentication is used for user login. External storage SMB shares are configured with "Log-in credentials, save in database" option. When a user's password is changed in Active Directory, Nextcloud does not update the stored credentials in oc_storages_credentials table. This causes SMB external storage to become unavailable with ForbiddenException errors. Deleting old credentials from the database and asking the user to re-login temporarily fixes the issue, but the problem recurs after subsequent password changes.

Steps to reproduce

1. Configure Nextcloud with LDAP/AD authentication backend
2. Set up SMB external storage with "Log-in credentials, save in database" authentication
3. User logs into Nextcloud at least once (credentials are saved to oc_storages_credentials)
4. Change the user's password in Active Directory
5. User logs into Nextcloud with the new password
6. Check external storage status - it shows "This node is unavailable" in the interface
7. Check Nextcloud logs - ForbiddenException errors appear for SMB storage access

Expected behavior

When a user changes their AD/LDAP password and logs into Nextcloud with the new credentials, the stored SMB credentials in oc_storages_credentials should be automatically updated. External storage should remain accessible without manual intervention.

Nextcloud Server version

• 33.0.2

Operating system

• Debian/Ubuntu

PHP engine version

• PHP 8.5.4

Web server

• Apache 2.4.52

Database engine version

• MariaDB

Is this bug present after an update or on a fresh install?

• Updated from a MINOR version (ex. 32.0.1 to 32.0.2)

Are you using the Nextcloud Server Encryption module?

• Encryption is Disabled

What user-backends are you using?

• LDAP/ Active Directory

Configuration report

{
    "system": {
        "dbtype": "mysql",
        "dbname": "nextcloud",
        "dbuser": "***",
        "dbpassword": "***",
        "dbhost": "localhost",
        "dbtableprefix": "oc_",
        "admin_user": "***",
        "admin_password": "***",
        "installed": true,
        "ldap_enabled": true,
        "files_external_enabled": true
    }
}

List of activated Apps

  - files_external: 1.16.0
  - user_ldap: 1.20.0
  - dav: 1.25.0

Nextcloud Signing status

No errors (all apps properly signed)

Nextcloud Logs

{
    "reqId": "abc123def456",
    "level": 2,
    "time": "2026-04-28T15:57:15+03:00",
    "remoteAddr": "192.168.x.x",
    "user": "testuser",
    "app": "no app in context",
    "method": "PROPFIND",
    "url": "/remote.php/dav/files/testuser/",
    "message": "Error while getting quota info, using root quota",
    "exception": {
        "Exception": "OCP\\Files\\StorageNotAvailableException",
        "Message": "Storage with mount id 7 is not available",
        "Code": 1,
        "Trace": [
            {
                "file": "/path/to/nextcloud/lib/private/Files/Storage/Wrapper/Wrapper.php",
                "line": 273,
                "function": "getAvailability",
                "class": "OC\\Files\\Storage\\FailedStorage",
                "type": "->"
            },
            {
                "file": "/path/to/nextcloud/apps/files_external/lib/Config/ConfigAdapter.php",
                "line": 126,
                "function": "getAvailableStorages",
                "class": "OCA\\Files_External\\Config\\ConfigAdapter",
                "type": "->"
            }
        ],
        "File": "/path/to/nextcloud/lib/private/Files/Storage/FailedStorage.php",
        "Line": 185,
        "Hint": "Storage is temporarily not available",
        "Previous": {
            "Exception": "OCP\\Files\\StorageAuthException",
            "Message": "Storage unauthorized. Invalid request for smb://smb-server.example.com/share (ForbiddenException)",
            "Code": 4
        }
    }
}

Additional info

• Temporary workaround: Delete user's credentials from oc_storages_credentials table and ask them to re-login:

  mysql nextcloud -e "DELETE FROM oc_storages_credentials WHERE user = 'affected_username';"

  After deletion, the user needs to re-login to Nextcloud so it saves the current valid credentials.
• This issue affects multiple users (observed in logs with same error pattern)
• Checked existing issues none match exactly this behavior where credentials are never updated after password change if they already exist in DB
  • external storage locks user in AD when password has changed in AD #16724
  • Wrong (malformed) external storage credentials saved in oc_storages_credentials #24600
  • [Bug]: after changing ldap password in AD user still logged in, but data not stored... #37342
  • [Bug]: External storage support after a user change password in LDAP create a Error SQLSTATE[23000]: Integrity constraint violation: 1062 #38201